> ## Documentation Index
> Fetch the complete documentation index at: https://docs.chkk.io/llms.txt
> Use this file to discover all available pages before exploring further.
# Risk Feed MCP Server
> Connect MCP Clients (e.g., Cursor, Claude Desktop) to Chkk Risk Analysis
This is a **preview-only** version of the Risk Feed MCP Server. Features and supported platforms will be enhanced as we iterate.
***
## What is the Risk Feed MCP Server?
The **Risk Feed MCP Server** lets you use natural language in any [MCP client](https://github.com/cursor-so/mcp) (such as [Cursor](https://www.cursor.so/) or [Claude Desktop](https://claude.ai/download)) to:
* List and analyze Operational Risks in your infrastructure
* Fetch all affected resources identified by an Operational Risk so you can prioritize tasks, assign owners and plan effectively.
* Trigger mitigation and remediation workflows
The server authenticates using a machine principal (e.g. Cloud Identity), which must be registered with Chkk. You can add your Cloud Identities to a Chkk Team.
This guide uses Cursor as an example MCP client, but the Risk Feed MCP Server works with any compatible MCP client, including tools like Claude Desktop.
***
## Prerequisites
* Download a supported Risk Feed MCP Server binary for your platform (see instructions below)
* Access to your Chkk API URL (if unsure, please contact Chkk Support)
***
## Cloud Credentials Required
The Risk Feed MCP Server requires valid cloud account credentials to be configured on your machine. Currently, only AWS is supported. These credentials are used to authenticate with Chkk using presigned STS URLs. Before using the server:
* Verify that your Cloud Machine Identity is registered with Chkk (please contact Chkk Support is assisstance is required)
* Ensure you have valid AWS credentials of the registered Cloud Machine Identity configured locally
If you encounter authentication errors, see the [Troubleshooting](/resources/troubleshooting#16-how-do-i-troubleshoot-common-issues-with-the-chkk-mcp-server) section.
***
## Step 1: Download the Risk Feed MCP Server
Download the latest Risk Feed MCP Server binary for your platform:
Apple Silicon
M1/M2/M3 and newer
ARM 64-bit servers
Intel/AMD 64-bit PCs
After downloading:
1. Unzip the downloaded binary
2. (macOS/Linux) Make the binary executable:
```bash theme={"dark"}
chmod +x ./chkk-mcp-*
```
## Step 2: Configure your Cursor instance to use the Risk Feed MCP Server
Create (or modify) the `.cursor/mcp.json` file in your project folder using the binary relevant to your platform.
This guide assumes that the unzipped binary is located in the `./bin/` directory of your Cursor project. Update the path if the unzipped binary is located elsewhere.
```json macOS (Apple Silicon) theme={"dark"}
{
"mcpServers": {
"chkk-mcp-stdio": {
"command": "./bin/chkk-mcp-darwin-arm64",
"args": ["serve"]
}
}
}
```
```json Linux (arm64) theme={"dark"}
{
"mcpServers": {
"chkk-mcp-stdio": {
"command": "./bin/chkk-mcp-linux-arm64",
"args": ["serve"]
}
}
}
```
```json Windows (amd64) theme={"dark"}
{
"mcpServers": {
"chkk-mcp-stdio": {
"command": "./bin/chkk-mcp-windows-amd64.exe",
"args": ["serve"]
}
}
}
```
***
## Step 3: Start the Server
Cursor will launch the server automatically and prompt you to enable the MCP tool.
Or, if you use your own custom MCP client, you can run it manually as well:
```bash theme={"dark"}
./bin/chkk-mcp serve --mode stdio
```
***
## Step 4: Run the Prompt
Open Cursor and try a natural-language request:
> list risks for cluster k8scl\_1234abcd-5678-efgh-9012-3456789abcde
>
> list risks for cluster k8scl\_1234abcd-5678-efgh-9012-3456789abcde in category "guardrail"
Cursor will reply with a concise summary of each risk—plus the affected resources—right inside your editor.
Supported categories are `guardrail`, `api-deprecation`, and `misconfiguration`.
***